Wire Data + Log Data: The Perfect Match
In IT operations, log data (or machine data) has traditionally been the main source of truth. Each device in the network (servers, routers, switches, APs, load balancers, firewalls, etc.) reports information about its health, its interfaces and many other KPIs. This data is crucial and helps to identify issues within the network. For many years, SNMP and Netflow have been the main sources for network monitoring. With the adoption of big data in this field, we can now ingest the complete log data from all the different sources: WMI, APIs, CDRs, Syslog, etc. With all this information we know, device by device, the status and activity of each element.
However, all these monitoring capabilities are not enough for complete network visibility and understanding. It is not unusual for IT managers to receive plenty of complaints about the performance of certain services or applications while the available log data has not flagged any significant issue beforehand, or to see so many alarms that it is almost impossible to find the root cause. This situation leads to reactive network management based on continuous troubleshooting in panic mode under demanding SLAs.
The importance of Wire Data
This is where Wire Data comes into action, helping IT teams become more proactive. Wire data is extracted from the actual IP traffic, so a probe is needed and it must receive a copy of that traffic (typically from a SPAN/mirror port or a network TAP). There are two types of wire data: the metadata, or records, derived from those flows, and the traffic captures (PCAPs).
This metadata provides real-time analytics about network performance. The Viewtinet probe, Viewtimon, has DPI (deep packet inspection) capabilities that let it recognize applications (even when the traffic is encrypted), calculate network KPIs (throughput, IPs, ports, flows, volume, etc.) and QoE measurements (round-trip time, retransmission ratio, latency, MOS, jitter, etc.). This extra dimension of information provides a level of visibility and understanding that not only significantly reduces resolution time but also helps IT teams to be more proactive and avoid many issues altogether. PCAPs are also a great tool for troubleshooting, for forensic analysis and for tracing the path of malicious traffic.
If I deploy a probe for Wire Data, do I still need Log Data?
Both points of view are complementary. It is true that some log data sources, like Netflow, provide less information than the probe does (a flow record counts bytes and packets but does not measure round-trip time or retransmissions), so some of them may add little once a probe is in place.
But imagine we want to monitor the status of one specific application that is critical for the business. With log data, we can track the health of all the devices and interfaces involved in delivering the application, the status of the servers, their processes, etc. With wire data, we can track network performance, connections, delays, etc. Having both is the perfect match.
For example, for VoIP we can collect the CDRs (log data), which tell us where, when and how calls are made (among much other information) and will definitely help us identify whether there is a problem. If the problem is network related, wire data provides the crucial information to identify the root cause very efficiently.
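As an added example (not Viewtinet or Viewtimon code) of the difference between the flow records discussed here and the QoE metadata the previous section says a probe derives from the packets themselves, the Python below runs over one constructed TCP session, as if copied from a SPAN port. `netflow_style` reduces it to the byte/packet counters a flow exporter would report, while `probe_style` extracts the handshake round-trip time, server response time and retransmission ratio that can only be measured from the packets. The packet fields, the port-to-application table and the retransmission heuristic (same sender repeating a sequence number) are simplifications assumed for the example; a real DPI probe identifies applications from payload, not ports.

```python
"""Wire-data metrics from packet headers versus a Netflow-style record.

Added example, not Viewtinet code. The packet list is constructed and
stands in for a traffic copy from a SPAN port or TAP.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float      # capture time, seconds
    src: str
    dst: str
    sport: int
    dport: int
    flags: str     # subset of "SAFPR"
    seq: int
    ack: int
    payload: int   # TCP payload bytes
    length: int    # total IP packet length


# Constructed sample: one HTTPS session 10.0.0.5 -> 203.0.113.7 in which the
# server's second data segment (seq 6401) is lost and retransmitted.
SAMPLE = [
    Pkt(0.000, "10.0.0.5", "203.0.113.7", 51234, 443, "S", 1000, 0, 0, 60),
    Pkt(0.045, "203.0.113.7", "10.0.0.5", 443, 51234, "SA", 5000, 1001, 0, 60),
    Pkt(0.046, "10.0.0.5", "203.0.113.7", 51234, 443, "A", 1001, 5001, 0, 52),
    Pkt(0.050, "10.0.0.5", "203.0.113.7", 51234, 443, "PA", 1001, 5001, 517, 569),
    Pkt(0.098, "203.0.113.7", "10.0.0.5", 443, 51234, "A", 5001, 1518, 0, 52),
    Pkt(0.100, "203.0.113.7", "10.0.0.5", 443, 51234, "PA", 5001, 1518, 1400, 1452),
    Pkt(0.101, "203.0.113.7", "10.0.0.5", 443, 51234, "PA", 6401, 1518, 1400, 1452),
    Pkt(0.150, "10.0.0.5", "203.0.113.7", 51234, 443, "A", 1518, 6401, 0, 52),
    Pkt(0.400, "203.0.113.7", "10.0.0.5", 443, 51234, "PA", 6401, 1518, 1400, 1452),
    Pkt(0.450, "10.0.0.5", "203.0.113.7", 51234, 443, "A", 1518, 7801, 0, 52),
    Pkt(0.500, "10.0.0.5", "203.0.113.7", 51234, 443, "FA", 1518, 7801, 0, 52),
    Pkt(0.540, "203.0.113.7", "10.0.0.5", 443, 51234, "FA", 7801, 1519, 0, 52),
]

# Assumed placeholder for application recognition; real DPI inspects payload.
APP_BY_PORT = {443: "https", 80: "http", 53: "dns", 5060: "sip"}


def netflow_style(pkts):
    """Per unidirectional 4-tuple: packet and byte counters plus first/last time,
    which is essentially what a flow exporter gives you."""
    recs = {}
    for p in pkts:
        k = (p.src, p.dst, p.sport, p.dport)
        r = recs.setdefault(k, {"packets": 0, "bytes": 0, "first": p.ts, "last": p.ts})
        r["packets"] += 1
        r["bytes"] += p.length
        r["last"] = p.ts
    return recs


def flow_key(p):
    """Bidirectional key so both directions of a session land in one record."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)


def probe_style(pkts):
    """Per session: RTT from the SYN/SYN-ACK pair, server response time from the
    first request/response segments, retransmissions and their ratio."""
    state = {}
    for p in pkts:
        f = state.setdefault(flow_key(p), {
            "client": None, "syn_ts": None, "rtt_ms": None, "first_req": None,
            "resp_ms": None, "seen": set(), "retrans": 0, "packets": 0,
            "bytes": 0, "first": p.ts, "last": p.ts, "app": "unknown"})
        f["packets"] += 1
        f["bytes"] += p.length
        f["last"] = p.ts
        if "S" in p.flags and "A" not in p.flags:      # client SYN opens the session
            f["client"], f["syn_ts"] = p.src, p.ts
            f["app"] = APP_BY_PORT.get(p.dport, "unknown")
        elif "S" in p.flags and "A" in p.flags and f["syn_ts"] is not None and f["rtt_ms"] is None:
            f["rtt_ms"] = round((p.ts - f["syn_ts"]) * 1000, 1)  # SYN -> SYN/ACK round trip
        if p.payload > 0:
            seg = (p.src, p.sport, p.seq)
            if seg in f["seen"]:
                f["retrans"] += 1          # same sender, same sequence number again
            else:
                f["seen"].add(seg)
            if p.src == f["client"] and f["first_req"] is None:
                f["first_req"] = p.ts
            elif p.src != f["client"] and f["first_req"] is not None and f["resp_ms"] is None:
                f["resp_ms"] = round((p.ts - f["first_req"]) * 1000, 1)
    out = {}
    for k, f in state.items():
        data_segments = len(f["seen"]) + f["retrans"]
        out[k] = {"app": f["app"], "packets": f["packets"], "bytes": f["bytes"],
                  "duration_s": round(f["last"] - f["first"], 3),
                  "rtt_ms": f["rtt_ms"], "server_resp_ms": f["resp_ms"],
                  "retransmissions": f["retrans"],
                  "retrans_ratio": round(f["retrans"] / data_segments, 3) if data_segments else 0.0}
    return out


if __name__ == "__main__":
    for k, r in netflow_style(SAMPLE).items():
        print("flow record", k, r)
    for k, r in probe_style(SAMPLE).items():
        print("probe record", k, r)
```

On this sample the flow records show two healthy-looking counters (837 and 4520 bytes), while the probe record for the same session reports a 45 ms handshake RTT, 50 ms server response time and a 25% retransmission ratio: the signal the flow exporter cannot produce.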
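The VoIP case above, as an added example that is not part of the original post or Viewtinet's product: CDRs (log data) are joined with per-flow RTP statistics (wire data) by endpoint pair and time overlap, and each call is triaged into "network degradation", "not a network problem" or "no media on the wire". The CDR layout, the RTP fields and the jitter/loss/MOS thresholds are assumptions for the example, and both inputs are constructed.

```python
"""Correlate VoIP CDRs (log data) with RTP flow QoE (wire data).

Added example, not Viewtinet code. CDR fields follow a generic call-record
layout and the RTP stats are what a probe would export per media flow;
thresholds are assumed values, tune them to your codec and SLA.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CDR:
    call_id: str
    caller_ip: str
    callee_ip: str
    start: float          # epoch seconds
    duration: float       # seconds
    release_cause: str    # "normal", "abandoned" or "failed"


@dataclass(frozen=True)
class RtpFlow:
    src: str
    dst: str
    first: float
    last: float
    jitter_ms: float
    loss_pct: float
    mos: float


# Constructed sample inputs.
CDRS = [
    CDR("c1", "10.1.1.10", "10.2.2.20", 1000.0, 120.0, "normal"),
    CDR("c2", "10.1.1.11", "10.2.2.21", 1100.0, 15.0, "abandoned"),
    CDR("c3", "10.1.1.12", "10.2.2.22", 1200.0, 0.0, "failed"),
    CDR("c4", "10.1.1.13", "10.2.2.23", 1300.0, 40.0, "abandoned"),
]
FLOWS = [
    RtpFlow("10.1.1.10", "10.2.2.20", 1001.0, 1120.0, 8.0, 0.1, 4.2),
    RtpFlow("10.2.2.20", "10.1.1.10", 1001.0, 1120.0, 7.5, 0.0, 4.3),
    RtpFlow("10.1.1.11", "10.2.2.21", 1101.0, 1115.0, 55.0, 4.5, 2.9),
    RtpFlow("10.2.2.21", "10.1.1.11", 1101.0, 1115.0, 9.0, 0.2, 4.1),
    RtpFlow("10.1.1.13", "10.2.2.23", 1301.0, 1340.0, 6.0, 0.0, 4.3),
    RtpFlow("10.2.2.23", "10.1.1.13", 1301.0, 1340.0, 6.5, 0.0, 4.3),
]

# Assumed QoE thresholds.
JITTER_MAX_MS = 30.0
LOSS_MAX_PCT = 1.0
MOS_MIN = 3.6


def flows_for_call(cdr, flows):
    """Media flows between the two call endpoints that overlap the call in time."""
    ends = {cdr.caller_ip, cdr.callee_ip}
    end = cdr.start + cdr.duration
    return [f for f in flows
            if {f.src, f.dst} == ends and f.first < end and f.last > cdr.start]


def qoe_problems(f):
    """Threshold violations for one media flow; an empty list means healthy."""
    issues = []
    if f.jitter_ms > JITTER_MAX_MS:
        issues.append(f"jitter {f.jitter_ms} ms")
    if f.loss_pct > LOSS_MAX_PCT:
        issues.append(f"loss {f.loss_pct}%")
    if f.mos < MOS_MIN:
        issues.append(f"MOS {f.mos}")
    return issues


def classify(cdr, flows):
    """Combine what the CDR says with what the wire saw for that call."""
    media = flows_for_call(cdr, flows)
    if not media:
        if cdr.release_cause != "normal":
            return "no media on the wire: look at signaling/application"
        return "ok (no media captured)"
    bad = [(f, qoe_problems(f)) for f in media]
    bad = [(f, issues) for f, issues in bad if issues]
    if bad:
        f, issues = bad[0]
        return f"network degradation on {f.src}->{f.dst}: " + ", ".join(issues)
    if cdr.release_cause != "normal":
        return "media quality fine: not a network problem"
    return "ok"


def triage(cdrs, flows):
    return {c.call_id: classify(c, flows) for c in cdrs}


if __name__ == "__main__":
    for call_id, verdict in triage(CDRS, FLOWS).items():
        print(call_id, verdict)
```

The join is deliberately loose (endpoint pair plus time overlap) because CDRs and RTP flows rarely share an identifier; on a real deployment you would also match on the media ports negotiated in the SIP/SDP exchange, which the probe can parse.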
Of course, many people may point out that most of the log data is already available in each device's own management software, but having everything in a single pane of glass, including network quality of experience, is the best way to leave panic-mode troubleshooting behind and move to a proactive, intelligent network. Viewtinet provides all the elements needed for this network intelligence: the analytics tool, the database, automatic log-data integration from any vendor, and the DPI probe for wire data.